This is the end of the preview. Sign up
to
access the rest of the document.

Unformatted text preview: Denial of Service via Algorithmic Complexity Attacks Scott A. Crosby Dan S. Wallach scrosby@cs.rice.edu dwallach@cs.rice.edu Department of Computer Science, Rice University Abstract We present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications data structures. Fre- quently used data structures have average-case expected running time thats far more efficient than the worst case. For example, both binary trees and hash tables can degenerate to linked lists with care- fully chosen input. We show how an attacker can effectively compute such input, and we demonstrate attacks against the hash table implementations in two versions of Perl, the Squid web proxy, and the Bro intrusion detection system. Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six min- utes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consum- ing all of its CPU. We show how modern universal hashing techniques can yield performance compa- rable to commonplace hash functions while being provably secure against these attacks. 1 Introduction When analyzing the running time of algorithms, a common technique is to differentiate best-case, common-case, and worst-cast performance. For ex- ample, an unbalanced binary tree will be expected to consume O ( n log n ) time to insert n elements, but if the elements happen to be sorted beforehand, then the tree would degenerate to a linked list, and it would take O ( n 2 ) time to insert all n elements. Similarly, a hash table would be expected to con- sume O ( n ) time to insert n elements. However, if each element hashes to the same bucket, the hash table will also degenerate to a linked list, and it will take O ( n 2 ) time to insert n elements. While balanced tree algorithms, such as red-black trees [11], AVL trees [1], and treaps [17] can avoid predictable input which causes worst-case behav- ior, and universal hash functions [5] can be used to make hash functions that are not predictable by an attacker, many common applications use simpler algorithms. If an attacker can control and predict the inputs being used by these algorithms, then the attacker may be able to induce the worst-case exe- cution time, effectively causing a denial-of-service (DoS) attack. Such algorithmic DoS attacks have much in com- mon with other low-bandwidth DoS attacks, such as stack smashing [2] or the ping-of-death 1 , wherein a relatively short message causes an Internet server to crash or misbehave. While a variety of techniques can be used to address these DoS attacks, com- mon industrial practice still allows bugs like these to appear in commercial products. However, unlike stack smashing, attacks that target poorly chosen al- gorithms can function even against code written in safe languages. One early example was discovered by Garfinkel [10], who described nested HTML tables that induced the browser to perform super-...
View Full
Document